Healthcare leads all industries with security breaches in H1

Author

Published

Share it

Dive Brief:

The number of public data breaches worldwide totaled 945 in the first half of 2018, compromising the privacy of 4.5 billion records, according to Gemalto's latest Breach Level Index.

Healthcare once again led all other industries in the number of incidents, with 27% of the breaches. The largest incident, at health referral service 211 LA County, exposed 3.5 million records through accidental loss.

Compared with the same period last year, the number of lost, stolen or compromised records shot up 133%, despite a slight overall decrease in the incidence of breaches — a sign cybercriminals are striking with increased severity over time.

Dive Insight:

The report comes as data breaches intensify and healthcare entities face millions in lost business, recovery and reputation loss. According to a recent Ponemon Institute analysis for IBM Security, the average cost of a data breach in 2018 is $3.86, 6.4% more than a year ago and nearly 20% more than in 2014. Healthcare organizations had the highest breach-related costs of any industry at $408 per lost or stolen record — nearly three times the cross-industry average of $148.

In early August, UnityPoint notified 1.4 million people that personal information may have been compromised when employees opened emails disguised to look like they were sent by a company official. The breach occurred between March 14 and April 3 and was discovered at the end of May. UnityPoint launched an investigation with an outside cybersecurity firm to assess the size and scope of the attack.

The breach was the second for UnityPoint in less than a year. In April, the Des Moines, Iowa-based nonprofit health system notified 16,400 people their records were at risk due to a phishing attack that could date back to last November. An attorney has filed a class action lawsuit on behalf of two patients affected by that breach.

Roughly two-thirds (65%) of data breaches in H1 2018 involved identity theft, according to Gemalto. Financial access incidents also are intensifying. While there were fewer breaches in the first half of this year (123 versus 171 in H1 2017), the number of records breached rose from 2.7 million to a staggering 359 million.

Malicious outsiders accounted for 56% of all incidents, while 7% were the work of an ill-meaning insider. And 34% of breaches were chalked up to accidental loss.

The report also underscores the growing threat to social media. While just six of the 945 data breaches involved social media, they accounted for more than 56% of all compromised data.

Cybersecurity experts stress the need for strong authentication and procedures around computer access and use. Encryption was used in just 2.2% of security breaches reported in the first half, Gemalto says, protecting less than 1% of records involved.